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DETAILED ACTION 

Claims 1 -20 are pending. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

Claims 1 and 3-7 rejected under 35 U.S.C. 102(a) as being anticipated by PBDM: 
A Flexible Delegation Model in RBAC (hereinafter PBDM). 
Regarding claim 1 : 

PBDM discloses a delegation method, implemented in a delegation system, 
comprising the steps of: 

providing delegation policies as general rules for limiting delegation (Abstract, 
security administrator specify the permissions that a user (delgator) has authority to 
delegate to others (delegate)); 

receiving a delegation condition and a delegation approval submitted by a 
grantor for vesting authority of the grantor's role to a grantee, wherein the grantor's role 
is designated the authority to access a set of data (page 149, three types of situations in 
which delegation takes place (the third type specifies access authority in order to share 
information; page 152, 2 nd column, when John wants to delegate, Jenny receives 
delegation conditions (group and temporary (time-based))); and 
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determining consequent authority vested to the grantee based on the delegation 
approval, the delegation condition and the delegation policies (page 152, 2 nd column, 
Jenny has access to change_schedule and role PE). 

Regarding claims 3 and 4: 

The method as claimed in claim 1 , wherein the delegation condition comprises a 
static condition for limiting the vested authority, the static condition comprising at least a 
total time condition, a time condition, a location condition or a function condition (page 
152, a temporary role is created by John (temporary is defined as not permanent, 
therefore a time condition is in place)). 

Regarding claims 5 and 6: 

The method as claimed in claim 1 , wherein the delegation condition comprises a 
dynamic condition for limiting the vested authority, the dynamic condition comprising at 
least a session condition or a group condition (page 152, John assigns Jenny to D2 with 
group conditionj change_schedule and role PE). 

Regarding claim 7: 

The method as claimed in claim 1 , further comprising the steps of: 

storing the vested consequent authority as consequent delegation information (it 

is inherent that the vested consequent authority be stored); 

creating a temporary role according to the consequent delegation information 

using a role-based system (page 152, steps P1 and P2 create a temporary role); and 

i 

designating the temporary role to the grantee (page 153, step P3 discloses 
assigning the role). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent: may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 

i 

prior art under 35 U.S.C. 103(a). 

Claims 2, 8, and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over PBDM as applied to claim 1 above, and further in view of RBAC Policies In XML 
For X.509 Based Privelege Management (hereinafter RBAC). 

Regarding claim 2: 

PBDM discloses the method as claimed in claim 1, but does not discloses 
wherein the delegation condition is presented in extensible markup language (XML). 

RBAC discloses using XML to present the delegation condition (pages 13 and 
14). It would have been obvious to one of ordinary skill in the art at the time of invention 
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to modify the method of PBDM with the method for using XML of RBAC in order to 
facilitate the sharing of data across different information systems. 
Regarding claim 8: 

PBDM and RBAC disclose the method as claimed in claim 1 , wherein the 
determining step further comprises the steps of: 

determining whether the delegation condition satisfies the delegation policies 
(RBAC, page 12, The IF clause specifies conditions which must be satisfied in order for 
the actions to be granted); 

adjusting the delegation condition to the delegation policies when the delegation 
condition does not satisfy the delegation policies (RBAC, page 12, the policy implicitly 
operates the D^ny All Unless Explicitly Granted rule, thus if the condition is not met it 
will be changed Ito a deny all); and 

acquiring' a consequent delegation condition, where the consequent delegation 
condition comprises, when the delegation condition does not satisfy the delegation 
policies, the adjusted delegation condition or, when the delegation condition satisfies 
the delegation policies, comprises the delegation condition (RBAC, when the delegation 
condition is met, the current delegation is kept, but when the delegation condition is not 
met, the consequent delegation condition and policy is set to deny the access). 

Regarding claim 9: 

The method as claimed in claim 8, further comprising the steps of: 
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determining whether usage of the set of data satisfies the. consequent delegation 
condition (RBAC, the delegation condition will be inherently checked each and every 
access); and 

retracting: the vested authority when usage of the set of data does not satisfy the 
consequent delegation condition (PBDM, it is inherent that the temporary role will be 
revoked after the time condition or the grantor removes the permission). 

Claims 10-15 correspond to the system of claims 1-9 and claims 15-20 
correspond to the machine-readable storage medium of claims 1-9 and are hereby 
rejected with the same logic as the rejection of claims 1-9. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 

examiner should be directed to James Turchen whose telephone number is 571-270- 

i 

1378. The examiner can normally be reached on MTWRF 7:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 )272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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